On Mon, Feb 1, 2010 at 10:50 PM, Amaru Netapshaak <[email protected]> wrote:
> Anyway, if you still need "accept all", Alan's example should work.
> Put something like this on authorize section
>
> ldap
> if (notfound) {
>     update control {
>         Auth-Type = Accept
>     }
>     update reply {
>         Tunnel-Private-Group-ID = 10
>     }
> }
>
> that way if the user is NOT in ldap, it will simply return
> Access-Accept with attribute Tunnel-Private-Group-ID = 10 (you can add
> other required reply attributes there as well).
>
> I tried your suggestion, still returns REJECT.

Where did you put it? Perhaps you put it in the wrong section?

I tested it with radtest, and it works (returns Accept). But if you're testing it with actual EAP clients it needs to be in authorize section of sites-enabled/inner-tunnel.

Also, running radius in debug mode might help. It'll help identify whether the ldap module actually returns notfound during authorize, or returns something else.

--
Fajar

